TY - GEN
T1 - Beyond stack inspection
T2 - S and P 2007: 2007 IEEE Symposium on Security and Privacy, SP'07
AU - Pistoia, Marco
AU - Banerjee, Anindya
AU - Naumann, David A.
PY - 2007
Y1 - 2007
N2 - Modern component-based systems, such as Java and Microsoft .NET Common Language Runtime (CLR), have adopted Stack-Based Access Control (SBAC). Its purpose is to use stack inspection to verify that all the code responsible for a security-sensitive action is sufficiently authorized to perform that action. Previous literature has shown that the security model enforced by SBAC is flawed in that stack inspection may allow unauthorized code no longer on the stack to influence the execution of security-sensitive code. A different approach, History-Based Access Control (HBAC), is safe but may prevent authorized code from executing a security-sensitive operation if less trusted code was previously executed. In this paper, we formally introduce Information-Based Access Control (IBAC), a novel security model that verifies that all and only the code responsible for a security-sensitive operation is sufficiently authorized. Given an access-control policy α, we present a mechanism to extract from it an implicit integrity policy, and we prove that IBAC enforces. Furthermore, we discuss large-scale application code scenarios to which IBAC can be successfully applied.
UR - http://www.scopus.com/inward/record.url?scp=34548708576&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=34548708576&partnerID=8YFLogxK
U2 - 10.1109/SP.2007.10
DO - 10.1109/SP.2007.10
M3 - Conference contribution
AN - SCOPUS:34548708576
SN - 0769528481
SN - 9780769528489
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 149
EP - 163
BT - Proceedings - S and P 2007
Y2 - 20 May 2007 through 23 May 2007
ER -